Applications use transport layer security (TLS)/secure sockets layer (SSL) to encrypt communications and so provide end-to-end confidentiality against both external and internal (i.e., inside the corporate network) eavesdroppers. For example, HTTPS uses SSL to encrypt HTTP communications between a client web browser and a web server, which prevents unauthorized applications or devices from intercepting and reading the communications.
There are situations where an intermediate proxy may be required to intercept and decrypt the communications. The proxy is inserted into the communication path and creates two separate secure (TLS/SSL) connections to handle the data transfer: a client-to-proxy connection and a proxy-to-server connection. Data arriving on one connection (e.g., the client-to-proxy connection) is decrypted using the proxy's SSL engine, inspected, and re-encrypted for transfer on the other connection (e.g., the proxy-to-server connection). Because every message is decrypted and re-encrypted in transit, the proxy introduces additional delay into the communication. Furthermore, decryption and re-encryption, when done in software, are resource intensive and costly.
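Because the proxy terminates the client-to-proxy connection itself, the certificate the client sees on that connection carries the proxy's key rather than the origin server's. The following Go check, added here as an example and not part of the original text, detects that by pinning the SHA-256 of the origin's SubjectPublicKeyInfo; the certificates and the name `origin.example` are constructed test data.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// selfSigned builds a self-signed certificate for cn under a fresh key (constructed
// test data: one stands in for the origin server, one for the proxy's own leaf).
func selfSigned(cn string) *x509.Certificate {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der) // DER produced just above always parses
	return cert
}
// SPKIPin is the SHA-256 of the certificate's SubjectPublicKeyInfo, the value pinned for the origin key.
func SPKIPin(cert *x509.Certificate) [32]byte {
	return sha256.Sum256(cert.RawSubjectPublicKeyInfo)
}

// Intercepted reports whether the leaf seen on the client-to-proxy connection carries none of the
// pinned keys: a proxy that terminates TLS presents its own certificate, so its key never matches.
func Intercepted(leaf *x509.Certificate, pins [][32]byte) bool {
	got := SPKIPin(leaf)
	for _, p := range pins {
		if p == got {
			return false
		}
	}
	return true
}

func main() {
	origin := selfSigned("origin.example")
	pins := [][32]byte{SPKIPin(origin)}
	fmt.Println("direct:    intercepted =", Intercepted(origin, pins))                        // false
	fmt.Println("via proxy: intercepted =", Intercepted(selfSigned("origin.example"), pins)) // true
}
```

A pin check of this kind is what makes such a proxy visible to the client: an inspected connection fails the check even though the proxy's certificate may otherwise validate against a locally installed CA.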